Rondell Lopez Posted May 30 Posted May 30 I have hundreds of devices in my environment that shows windows updates stuck on in progress I am trying to figure out the best way to either force the windows update or restart WSUS ? any help would be appreciated
Patrick VDIHacker Posted May 30 Posted May 30 I have seen that happen when there was a pending reboot before the update was applied. Is it the same patch, or is this just an example screenshot with the time from back in November last year when the ship may have sailed by them? 1
Rondell Lopez Posted May 31 Author Posted May 31 thank you for the reply its hundreds of pc in our environment and all different dates and i am finding some that just stopped updating from a specific date . So this environment has around 8k PC's and for months around 2k of them dont update when they push a release . Ifigured out the first part "they were pushing legacy windows update profiles" The second being this issue were hundreds of pc's either show install status in progress or they are just. not updating anymore
Employee Julien GOINDIN Posted June 3 Employee Posted June 3 On 5/31/2024 at 4:52 AM, Rondelltron said: thank you for the reply its hundreds of pc in our environment and all different dates and i am finding some that just stopped updating from a specific date . So this environment has around 8k PC's and for months around 2k of them dont update when they push a release . Ifigured out the first part "they were pushing legacy windows update profiles" The second being this issue were hundreds of pc's either show install status in progress or they are just. not updating anymore Hello, We recommend indeed to use the latest Windows Update profiles since MS made some modifications: https://kb.omnissa.com/s/article/91032?lang=en_US You could also use the Beta profiles to generate CSP code and push it as Custom Profile: Anyway, you can use these path to check the applied configuration on your devices: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\{EnrollmentGUID}\default\Device" For more informations check the Windows 10 cheat sheet: https://techzone.omnissa.com/api/checkuseraccess?referer=/sites/default/files/associated-content/2110_Windows_Troubleshooting_Cheat_Sheet.pdf 1 Technical Adoption Manager
Rondell Lopez Posted June 3 Author Posted June 3 Is there a way to force re-approval to past updates in mass? Also we have devices that show they got approved for an update but when we go to the updates section on that computer the KB release does not show its like the device does not know there is an update even available . this is what happens every month . we push the KB to 8k devices and close to 2k dot get them . in that 2 k we have devices that are in a stuck showing install in progress for weeks and then devices that just dont show the update at all . But then a month or two will go by and it gets a new KB we released and updates . So we go through this issue of around 2 devices that are not updating but its not always the same devices
Employee Jo Harder Posted June 3 Employee Posted June 3 The devices probably aren't updating because they're referencing a secure URL that has timed out. Take a look at this article, starting with the section Software Distribution Failures. Exciting Improvements to Workspace ONE Intelligent Hub for Windows | VMware (omnissa.com)
Rondell Lopez Posted June 3 Author Posted June 3 thank you for the reply but im not sure that is referencing my inquiry . This is windows updates not custom app deployments
Employee Jo Harder Posted June 3 Employee Posted June 3 Take a look at the Windows Update settings within the Profile. Within the Windows Update guide, look at the Troubleshooting section towards the bottom. Managing Updates for Windows Devices: Workspace ONE Operational Tutorial | VMware (omnissa.com)
Employee Julien GOINDIN Posted June 4 Employee Posted June 4 (edited) @Rondelltron, The Windows Update approval is deprecated by Microsoft: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178 I strongly advise to remove all Windows Update KB assignment on your UEM Console. You have two solution to manage Windows Update on your fleet: Let the control to Microsoft and apply all Cumulative update on a regular basis (Tuesday patch) Point directly on a WSUS server and approve KB from there only Edited June 4 by Julien GOINDIN Technical Adoption Manager
Rondell Lopez Posted June 4 Author Posted June 4 So you saying we should no longer use this method to release KB's to PC's? I am new to this team and am learning what they have been doing for a while now . Maybe these guys never updated their way of pushing updates to pc's. Right now they push out this profile : Windows Update (legacy) to around 10k PC's and every super tuesday they push out the new KB via the device updates module in WS1. around 1500-2k devices are in these one of three pots ive figured out : 1. device just stopped getting updates randomly at a specific date but will then show they have done updates recently 2. Device shows that it stopped getting updates at a specific date and nothing after . device just stuck on a specific os build and will not update 3. Device shows that is stuck in a "installing updates" and will not update if you manually log in to any of these types of device and poweshell windows updates . the pc will update
Employee Julien GOINDIN Posted June 5 Employee Posted June 5 On 6/4/2024 at 3:10 PM, Rondelltron said: So you saying we should no longer use this method to release KB's to PC's? Indeed, we have a dedicated KB for this: https://kb.omnissa.com/s/article/88942 You should consider the "Device Update" signet for Windows devices deprecated. Since 2022, we are pushing for Auto Update or WSUS. Our Kb state this: Quote For those customers that require the ability to approve updates by classification, VMware recommends leveraging Microsoft WSUS as the source of your devices' updates. By leveraging WSUS, you can control what updates the device can see, and thus prevent a particular update from being installed. From Microsoft point of view, you should use automatic approval of every Tuesday patch using their CSP. If you still desire to manage Windows Update manually, the only solution is to use a WSUS server. Technical Adoption Manager
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now